2 # Makefile for the security policy.
6 # install - compile and install the policy configuration, and context files.
7 # load - compile, install, and load the policy configuration.
8 # reload - compile, install, and load/reload the policy configuration.
9 # relabel - relabel filesystems based on the file contexts configuration.
10 # checklabels - check filesystems against the file context configuration
11 # restorelabels - check filesystems against the file context configuration
12 # and restore the label of files with incorrect labels
13 # policy - compile the policy configuration locally for testing/development.
15 # The default target is 'policy'.
18 # Please see build.conf for policy build options.
# Version string used by the git-archive recipe at the end of this file to name
# the tarball and its top-level prefix: the last line printed by `git tag`.
# Recursive (=), so git runs each time VERSION is expanded, not at parse time.
# Outside a git checkout the error output is discarded and VERSION is empty.
# NOTE(review): `git tag` lists every tag in the repository in its configured
# sort order (by name unless overridden), so the last line is not guaranteed to
# be the newest release or a tag describing the commit being archived. Confirm
# before relying on the tarball name to identify its contents.
VERSION = $(shell git tag 2>/dev/null | tail -n1)
23 ########################################
25 # NO OPTIONS BELOW HERE
28 # Include the local build.conf if it exists, otherwise
29 # include the configuration of the root directory.
33 -include $(LOCAL_ROOT
)/build.conf
# Policy version, read from the VERSION file in the current directory.
# Recursive (=), so `cat` runs on every expansion; PKGNAME below embeds it.
# A missing VERSION file leaves this empty (cat's error is not suppressed).
version = $(shell cat VERSION)
40 builddir
:= $(LOCAL_ROOT
)/
41 tmpdir
:= $(LOCAL_ROOT
)/tmp
42 tags := $(LOCAL_ROOT
)/tags
52 tc_usrbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(BINDIR
)
53 tc_usrsbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)$(SBINDIR
)
54 tc_sbindir
:= env LD_LIBRARY_PATH
="$(TEST_TOOLCHAIN)/lib" $(TEST_TOOLCHAIN
)/sbin
56 tc_usrbindir
:= $(BINDIR
)
57 tc_usrsbindir
:= $(SBINDIR
)
# SELinux toolchain binaries. Every assignment uses ?=, so a value already set
# on the command line, in the environment, or by a build.conf included above
# takes precedence over the default path built here.
# NOTE(review): SETFILES is run by the labeling recipes later in this file and
# the others are presumably run by Rules.monolithic / Rules.modular. When those
# targets run with elevated privileges, invoke make from a clean environment so
# an inherited CHECKPOLICY, SEMODULE, LOADPOLICY, SETFILES, ... cannot
# substitute a different binary.
CHECKPOLICY ?= $(tc_usrbindir)/checkpolicy
CHECKMODULE ?= $(tc_usrbindir)/checkmodule
SEMODULE ?= $(tc_usrsbindir)/semodule
SEMOD_PKG ?= $(tc_usrbindir)/semodule_package
SEMOD_LNK ?= $(tc_usrbindir)/semodule_link
SEMOD_EXP ?= $(tc_usrbindir)/semodule_expand
SEPOLGEN ?= $(tc_usrbindir)/sepolgen-ifgen
LOADPOLICY ?= $(tc_usrsbindir)/load_policy
SETFILES ?= $(tc_sbindir)/setfiles
# xmllint and sechecker are looked up in $(BINDIR) directly rather than through
# the tc_* toolchain prefixes used above.
XMLLINT ?= $(BINDIR)/xmllint
SECHECK ?= $(BINDIR)/sechecker
72 # interpreters and aux tools
83 # policy source layout
# Locations inside the policy source tree. All are simply expanded (:=), so
# poldir must already hold its final value when these lines are read; its
# definition is not visible in this listing.
moddir := $(poldir)/modules
flaskdir := $(poldir)/flask
# Files under the flask directory: security classes, initial SIDs and access
# vectors. $(avs) and $(secclass) are fed to $(genperm) by install-headers.
secclass := $(flaskdir)/security_classes
isids := $(flaskdir)/initial_sids
avs := $(flaskdir)/access_vectors
93 local_poldir
:= $(LOCAL_ROOT
)/policy
94 local_moddir
:= $(local_poldir
)/modules
97 # policy building support tools
# Helper commands used while building the policy. Each is simply expanded (:=),
# so PYTHON, AWK, SED, support and tmpdir must be set before this point (their
# definitions are not visible in this listing).
# Every Python helper is started with -E, which makes the interpreter ignore
# PYTHON* environment variables; a PYTHONPATH or PYTHONHOME inherited from the
# caller therefore cannot redirect what the support scripts import.
genxml := $(PYTHON) -E $(support)/segenxml.py
gendoc := $(PYTHON) -E $(support)/sedoctool.py
genperm := $(PYTHON) -E $(support)/genclassperms.py
# fc_sort is compiled into $(tmpdir) by a rule further down.
fcsort := $(tmpdir)/fc_sort
setbools := $(AWK) -f $(support)/set_bools_tuns.awk
get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
comment_move_decl := $(SED) -r -f $(support)/comment_move_decl.sed
gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
# m4 fragments; m4divert and m4undivert bracket the *.spt support macros in
# m4support.
m4iferror := $(support)/iferror.m4
m4divert := $(support)/divert.m4
m4undivert := $(support)/undivert.m4
# use our own genhomedircon to make sure we have a known usable one,
# so policycoreutils updates are not required (RHEL4)
genhomedircon := $(PYTHON) -E $(support)/genhomedircon
114 # documentation paths
# Documentation inputs, all relative to $(docs). These are recursive (=), so
# $(docs) is resolved when each variable is used.
# xmldtd is the DTD that the policy.xml recipe hands to xmllint for validation.
xmldtd = $(docs)/policy.dtd
# Per-layer metadata file name looked up inside each module layer directory.
metaxml = metadata.xml
# Template directory passed to $(gendoc) -T; its *.css files are copied into
# the HTML output directory.
doctemplate = $(docs)/templates
# Example files installed into $(docsdir) by install-docs.
docfiles = $(docs)/Makefile.example $(addprefix $(docs)/,example.te example.if example.fc)
122 polxml
= $(docs
)/policy.xml
123 tunxml
= $(docs
)/global_tunables.xml
124 boolxml
= $(docs
)/global_booleans.xml
125 htmldir
= $(docs
)/html
127 polxml
= $(LOCAL_ROOT
)/doc
/policy.xml
128 tunxml
= $(LOCAL_ROOT
)/doc
/global_tunables.xml
129 boolxml
= $(LOCAL_ROOT
)/doc
/global_booleans.xml
130 htmldir
= $(LOCAL_ROOT
)/doc
/html
# Policy-wide input files under $(poldir).
# globaltun and globalbool are the sources of the tunables/booleans XML;
# rolemap is run through m4 by the role-template macros and by install-headers.
globaltun = $(poldir)/global_tunables
globalbool = $(poldir)/global_booleans
rolemap = $(poldir)/rolemap
# Simply expanded (:=): poldir must already be final here.
# user_files is a prerequisite of the system.users rule.
user_files := $(poldir)/users
policycaps := $(poldir)/policy_capabilities
140 # local config file paths
142 mod_conf
= $(poldir
)/modules.conf
143 booleans
= $(poldir
)/booleans.conf
144 tunables
= $(poldir
)/tunables.conf
146 mod_conf
= $(local_poldir
)/modules.conf
147 booleans
= $(local_poldir
)/booleans.conf
148 tunables
= $(local_poldir
)/tunables.conf
# Installation layout. Everything is derived from DESTDIR (staging root, may be
# empty) and NAME (policy name, stripped of surrounding whitespace). The
# variables are recursive (=), so they follow later changes to DESTDIR or NAME.
# NOTE(review): with an empty NAME, installdir and modpkgdir collapse to
# $(topdir)/ and $(sharedir)/ themselves. srcpath is later handed to
# `rm -rf ... /policy.old` and `cp -R`, and recipes use all of these paths
# unquoted, so DESTDIR and NAME should be checked to be non-surprising (no
# whitespace, NAME set) before running the install targets as root.
PKGNAME ?= refpolicy-$(version)
prefix = $(DESTDIR)/usr
topdir = $(DESTDIR)/etc/selinux
installdir = $(topdir)/$(strip $(NAME))
srcpath = $(installdir)/src
userpath = $(installdir)/users
policypath = $(installdir)/policy
contextpath = $(installdir)/contexts
homedirpath = $(contextpath)/files/homedir_template
# fcpath is the file-contexts file given to $(SETFILES) by the labeling recipes.
fcpath = $(contextpath)/files/file_contexts
ncpath = $(contextpath)/netfilter_contexts
sharedir = $(prefix)/share/selinux
modpkgdir = $(sharedir)/$(strip $(NAME))
headerdir = $(modpkgdir)/include
docsdir = $(prefix)/share/doc/$(PKGNAME)
168 # enable MLS if requested.
170 M4PARAM
+= -D enable_mls
176 # enable MCS if requested.
178 M4PARAM
+= -D enable_mcs
184 # enable distribution-specific policy
186 M4PARAM
+= -D distro_
$(DISTRO
)
189 # rhel4 also implies redhat
190 ifeq "$(DISTRO)" "rhel4"
191 M4PARAM
+= -D distro_redhat
194 ifeq "$(DISTRO)" "ubuntu"
195 M4PARAM
+= -D distro_debian
198 ifneq ($(OUTPUT_POLICY
),)
199 CHECKPOLICY
+= -c
$(OUTPUT_POLICY
)
202 ifneq "$(CUSTOM_BUILDOPT)" ""
203 M4PARAM
+= $(foreach opt
,$(CUSTOM_BUILDOPT
),-D
$(opt
))
206 # if not set, use the type as the name.
209 # default unknown permissions setting
212 ifeq ($(DIRECT_INITRC
),y
)
213 M4PARAM
+= -D direct_sysadm_daemon
217 M4PARAM
+= -D enable_ubac
220 # default MLS/MCS sensitivity and category settings.
229 M4PARAM
+= -D mls_num_sens
=$(MLS_SENS
) -D mls_num_cats
=$(MLS_CATS
) -D mcs_num_cats
=$(MCS_CATS
) -D hide_broken_symptoms
231 # we need exuberant ctags; unfortunately it is named
232 # differently on different distros
233 ifeq ($(DISTRO
),debian
)
234 CTAGS
:= ctags-exuberant
237 ifeq ($(DISTRO
),gentoo
)
238 CTAGS
:= exuberant-ctags
243 m4support
:= $(m4divert
) $(wildcard $(poldir
)/support
/*.spt
)
245 m4support
+= $(wildcard $(local_poldir
)/support
/*.spt
)
247 m4support
+= $(m4undivert
)
# Application configuration (appconfig) sources and their install locations.
# All are simply expanded (:=): TYPE, contextpath (hence DESTDIR and NAME) and
# builddir are read here, once, at parse time.
appconf := config/appconfig-$(TYPE)
seusers := $(appconf)/seusers
appdir := $(contextpath)
# Every *_default_contexts file present for this policy TYPE ...
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
# ... mapped to $(contextpath)/users/<name> with the _default_contexts suffix
# removed from the file name.
user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
# Full list of installed appconfig files; install-appconfig depends on it.
appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names)
# builddir already carries its trailing slash where it is set, so no separator
# is added here.
net_contexts := $(builddir)net_contexts
257 all_layers
:= $(shell find
$(wildcard $(moddir
)/*) -maxdepth
0 -type d
)
259 all_layers
+= $(shell find
$(wildcard $(local_moddir
)/*) -maxdepth
0 -type d
)
# Files produced from templates: every *.te.in / *.if.in / *.fc.in found in a
# layer directory, with the trailing .in removed by $(basename).
generated_te := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te.in)))
generated_if := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.if.in)))
generated_fc := $(basename $(foreach dir,$(all_layers),$(wildcard $(dir)/*.fc.in)))

# sort here since it removes duplicates, which can happen
# when a generated file is already generated
detected_mods := $(sort $(foreach dir,$(all_layers),$(wildcard $(dir)/*.te)) $(generated_te))

# Per-module XML fragments: each detected .te path with .xml substituted,
# placed under $(tmpdir).
modxml := $(addprefix $(tmpdir)/, $(detected_mods:.te=.xml))
# One XML file per layer in $(tmpdir), named after the layer directory.
layerxml := $(sort $(addprefix $(tmpdir)/, $(notdir $(addsuffix .xml,$(all_layers)))))
layer_names := $(sort $(notdir $(all_layers)))
# Recursive (=): detect-metaxml is defined further down, so the call has to be
# resolved at use time.
all_metaxml = $(call detect-metaxml, $(layer_names))
275 # modules.conf setting for base module
278 # modules.conf setting for loadable module
281 # modules.conf setting for unused module
284 # test for module overrides from command line
285 mod_test
= $(filter $(APPS_OFF
), $(APPS_BASE
) $(APPS_MODS
))
286 mod_test
+= $(filter $(APPS_MODS
), $(APPS_BASE
))
287 ifneq "$(strip $(mod_test))" ""
288 $(error Applications must be base
, module
, or off
, and not in more than one list
! $(strip $(mod_test
)) found in multiple lists
!)
# Work out which modules go into the base policy, which are built as loadable
# modules and which are switched off. Command-line lists (APPS_BASE, APPS_MODS,
# APPS_OFF) win over modules.conf; anything left unmentioned is switched off.

# add on suffix to modules specified on command line
cmdline_base := $(addsuffix .te,$(APPS_BASE))
cmdline_mods := $(addsuffix .te,$(APPS_MODS))
cmdline_off := $(addsuffix .te,$(APPS_OFF))

# extract settings from modules.conf
# Each awk call prints field 1 of every line that starts (after optional
# blanks) with a letter and whose field 3 equals the matching config* value.
# stderr is discarded, so an absent or unreadable $(mod_conf) produces three
# empty lists without any diagnostic.
# NOTE(review): in that case every detected module not named on the command
# line falls through to off_mods below. A build-time existence check would
# surface that if a silently reduced policy matters.
mod_conf_base := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configbase)") print $$1 }' $(mod_conf) 2> /dev/null)))
mod_conf_mods := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configmod)") print $$1 }' $(mod_conf) 2> /dev/null)))
mod_conf_off := $(addsuffix .te,$(sort $(shell awk '/^[[:blank:]]*[[:alpha:]]/{ if ($$3 == "$(configoff)") print $$1 }' $(mod_conf) 2> /dev/null)))

# Start from the command-line choices ...
base_mods := $(cmdline_base)
mod_mods := $(cmdline_mods)
off_mods := $(cmdline_off)

# ... then add modules.conf entries that no command-line list already claims.
base_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_base))
mod_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_mods))
off_mods += $(filter-out $(cmdline_off) $(cmdline_base) $(cmdline_mods), $(mod_conf_off))

# add modules not in modules.conf to the off list
off_mods += $(filter-out $(base_mods) $(mod_mods) $(off_mods),$(notdir $(detected_mods)))
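# filesystems to be used in labeling targets
# Third field (mount point) of each `mount` line that names one of the listed
# filesystem types followed by "rw", after dropping lines that carry a
# context= option and bind mounts. `grep -E` replaces the obsolescent `egrep`
# alias; the pattern is unchanged.
# Recursive (=): the pipeline runs when a labeling recipe expands the variable,
# not at parse time.
# NOTE(review): a mount point containing whitespace is cut short by awk's $3
# and split again by the unquoted use in the setfiles recipes.
filesystems = $(shell mount | grep -v "context=" | grep -E -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
# Text shown in the labeling recipes' messages; the double quotes are part of
# the value.
fs_names := "btrfs ext2 ext3 ext4 xfs jfs"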
316 ########################################
321 # parse-rolemap-compat modulename,outputfile
322 define parse-rolemap-compat
323 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
324 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
327 # parse-rolemap modulename,outputfile
329 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) | \
330 $(AWK
) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
333 # perrole-expansion modulename,outputfile
334 define perrole-expansion
335 $(verbose
) echo
"ifdef(\`""$1""_per_role_template',\`" > $2
336 $(call parse-rolemap
,$1,$2)
337 $(verbose
) echo
"')" >> $2
339 $(verbose
) echo
"ifdef(\`""$1""_per_userdomain_template',\`" >> $2
340 $(verbose
) echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
341 $(call parse-rolemap-compat
,$1,$2)
342 $(verbose
) echo
"')" >> $2
345 # create-base-per-role-tmpl modulenames,outputfile
346 define create-base-per-role-tmpl
347 $(verbose
) echo
"define(\`base_per_role_template',\`" >> $2
349 $(verbose
) for i in
$1; do \
350 echo
"ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
354 $(verbose
) for i in
$1; do \
355 echo
"ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
356 echo
"errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
357 echo
"""$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\
359 $(verbose
) echo
"')" >> $@
363 # detect-metaxml layer_names
365 define detect-metaxml
366 $(shell for i in
$1; do \
367 if
[ -d
$(moddir
)/$$i -a
-d
$(local_moddir
)/$$i ]; then \
368 if
[ -f
$(local_moddir
)/$$i/$(metaxml
) ]; then \
369 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
371 echo
$(moddir
)/$$i/$(metaxml
) ;\
373 elif
[ -d
$(local_moddir
)/$$i ]; then
374 echo
$(local_moddir
)/$$i/$(metaxml
) ;\
376 echo
$(moddir
)/$$i/$(metaxml
) ;\
381 define detect-metaxml
382 $(shell for i in
$1; do echo
$(moddir
)/$$i/$(metaxml
); done
)
386 ########################################
388 # Load appropriate rules
391 ifeq ($(MONOLITHIC
),y
)
392 include Rules.monolithic
394 include Rules.modular
397 ########################################
401 # NOTE: There is no "local" version of these files.
# Aggregate target: build every .te, .if and .fc file that is generated from a
# .in template. It has no recipe of its own and is listed in .PHONY below.
generate: $(generated_te) $(generated_if) $(generated_fc)
405 $(moddir
)/kernel
/corenetwork.if
: $(moddir
)/kernel
/corenetwork.te.in
$(moddir
)/kernel
/corenetwork.if.m4
$(moddir
)/kernel
/corenetwork.if.in
407 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
408 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
410 $(verbose
) cat
$@.in
>> $@
411 $(verbose
) $(GREP
) "^[[:blank:]]*network_(interface|node|port|packet)(_controlled)?\(.*\)" $< \
412 |
$(M4
) -D self_contained_policy
$(M4PARAM
) $(m4divert
) $@.m4
$(m4undivert
) - \
413 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
415 $(moddir
)/kernel
/corenetwork.te
: $(moddir
)/kernel
/corenetwork.te.m4
$(moddir
)/kernel
/corenetwork.te.in
417 @echo
"# This is a generated file! Instead of modifying this file, the" >> $@
418 @echo
"# $(notdir $@).in or $(notdir $@).m4 file should be modified." >> $@
420 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ \
421 |
$(SED
) -e
's/dollarsone/\$$1/g' -e
's/dollarszero/\$$0/g' >> $@
423 ########################################
425 # Network packet labeling
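# Produce the netfilter packet-labeling rules by running $(gennetfilter) over
# the corenetwork template and capturing its stdout as the target.
# The redirect creates the target before the generator has finished, so on
# failure the partial file is removed. Left in place it would be newer than
# its prerequisite and a later run would treat incomplete labeling rules as up
# to date.
$(net_contexts): $(moddir)/kernel/corenetwork.te.in
	@echo "Creating netfilter network labeling rules"
	$(verbose) $(gennetfilter) $^ > $@ || { rm -f $@; exit 1; }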
431 ########################################
433 # Create config files
# Aggregate target: bring modules.conf and booleans.conf up to date and build
# the template-generated .te/.if/.fc sources.
conf: $(mod_conf) $(booleans) $(generated_te) $(generated_if) $(generated_fc)

# Both configuration files are written by a single $(gendoc) run that reads
# policy.xml (-x) and is told where to put booleans (-b) and modules (-m).
# NOTE(review): two targets on an ordinary rule are two independent rules to
# make; under -j the recipe may be started once per target, each run writing
# the same pair of files.
$(mod_conf) $(booleans): $(polxml)
	@echo "Updating $(mod_conf) and $(booleans)"
	$(verbose) $(gendoc) -b $(booleans) -m $(mod_conf) -x $(polxml)
441 ########################################
443 # Generate the fc_sort program
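# Compile the fc_sort helper from its single C source into $(tmpdir).
# The output directory is created first, the same way the other $(tmpdir)
# recipes in this file do it, so this rule no longer relies on some other
# target having created the directory beforehand.
$(fcsort) : $(support)/fc_sort.c
	@test -d $(tmpdir) || mkdir -p $(tmpdir)
	$(verbose) $(CC) $(CFLAGS) $^ -o $@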
448 ########################################
450 # Documentation generation
452 $(layerxml
): %.xml
: $(all_metaxml
) $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)) $(subst .te
,.if
, $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
)))
453 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
454 $(verbose
) cat
$(filter %$(notdir $*)/$(metaxml
), $(all_metaxml
)) > $@
455 $(verbose
) for i in
$(basename $(filter $(addprefix $(moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
457 $(verbose
) for i in
$(basename $(filter $(addprefix $(local_moddir
)/, $(notdir $*))%, $(detected_mods
))); do
$(genxml
) -w
-m
$$i >> $@
; done
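# Build the tunables XML by running $(genxml) -w -t over the global tunables
# file and capturing stdout.
# On failure the partially written target is removed, so a truncated file
# cannot be mistaken for an up-to-date one on the next run.
$(tunxml): $(globaltun)
	$(verbose) $(genxml) -w -t $< > $@ || { rm -f $@; exit 1; }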
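# Build the booleans XML by running $(genxml) -w -b over the global booleans
# file and capturing stdout.
# On failure the partially written target is removed, so a truncated file
# cannot be mistaken for an up-to-date one on the next run.
$(boolxml): $(globalbool)
	$(verbose) $(genxml) -w -b $< > $@ || { rm -f $@; exit 1; }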
466 $(polxml
): $(layerxml
) $(tunxml
) $(boolxml
)
467 @echo
"Creating $(@F)"
468 @
test -d
$(dir $(polxml
)) || mkdir
-p
$(dir $(polxml
))
469 @
test -d
$(tmpdir
) || mkdir
-p
$(tmpdir
)
470 $(verbose
) echo
'<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
471 $(verbose
) echo
'<!DOCTYPE policy SYSTEM "$(notdir $(xmldtd))">' >> $@
472 $(verbose
) echo
'<policy>' >> $@
473 $(verbose
) for i in
$(basename $(notdir $(layerxml
))); do echo
"<layer name=\"$$i\">" >> $@
; cat
$(tmpdir
)/$$i.xml
>> $@
; echo
"</layer>" >> $@
; done
474 $(verbose
) cat
$(tunxml
) $(boolxml
) >> $@
475 $(verbose
) echo
'</policy>' >> $@
476 $(verbose
) if
test -x
$(XMLLINT
) && test -f
$(xmldtd
); then \
477 $(XMLLINT
) --noout
--path
$(dir $(xmldtd
)) --dtdvalid
$(xmldtd
) $@
;\
# Render the HTML interface reference from policy.xml.
# `html` is the user-facing name; $(tmpdir)/html is the stamp file touched at
# the end, which install-docs depends on.
# mkdir -p is a no-op for a directory that already exists, so no separate
# existence test is needed.
html $(tmpdir)/html: $(polxml)
	@echo "Building html interface reference documentation in $(htmldir)"
	@mkdir -p $(htmldir)
	@mkdir -p $(tmpdir)
	$(verbose) $(gendoc) -d $(htmldir) -T $(doctemplate) -x $(polxml)
	$(verbose) cp $(doctemplate)/*.css $(htmldir)
	@touch $(tmpdir)/html
490 ########################################
492 # Runtime binary policy patching of users
494 $(userpath
)/system.users
: $(m4support
) $(tmpdir
)/generated_definitions.conf
$(user_files
)
496 @mkdir
-p
$(userpath
)
497 @echo
"Installing system.users"
498 @echo
"# " > $(tmpdir
)/system.users
499 @echo
"# Do not edit this file. " >> $(tmpdir
)/system.users
500 @echo
"# This file is replaced on reinstalls of this policy." >> $(tmpdir
)/system.users
501 @echo
"# Please edit local.users to make local changes." >> $(tmpdir
)/system.users
502 @echo
"#" >> $(tmpdir
)/system.users
503 $(verbose
) $(M4
) -D self_contained_policy
$(M4PARAM
) $^ |
$(SED
) -r
-e
's/^[[:blank:]]+//' \
504 -e
'/^[[:blank:]]*($$|#)/d' >> $(tmpdir
)/system.users
505 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/system.users
$@
# Install the administrator-editable local.users file.
# -b asks install to keep a backup of a destination that already exists, so
# local edits are not lost on reinstall. Mode 644 leaves the file
# world-readable and writable by its owner only.
$(userpath)/local.users: config/local.users
	@mkdir -p $(@D)
	@echo "Installing local.users"
	$(verbose) $(INSTALL) -b -m 644 $< $@
512 ########################################
514 # Build Appconfig files
516 $(tmpdir
)/initrc_context
: $(appconf
)/initrc_context
518 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $^ |
$(GREP
) '^[a-z]' > $@
520 ########################################
522 # Install Appconfig files
# Aggregate target: install every appconfig file listed in $(appfiles).
# It has no recipe of its own; the per-file rules below do the work.
install-appconfig: $(appfiles)
526 $(installdir
)/booleans
: $(booleans
)
528 @mkdir
-p
$(installdir
)
529 $(verbose
) $(SED
) -r
-e
's/false/0/g' -e
's/true/1/g' \
530 -e
'/^[[:blank:]]*($$|#)/d' $(booleans
) |
$(SORT
) > $(tmpdir
)/booleans
531 $(verbose
) $(INSTALL
) -m
644 $(tmpdir
)/booleans
$@
# Install the media context file unchanged, mode 644 (world-readable, writable
# by the owner only). $(@D) is the target's directory, $(contextpath)/files.
$(contextpath)/files/media: $(appconf)/media
	@mkdir -p $(@D)
	$(verbose) $(INSTALL) -m 644 $< $@

# Install per-user default contexts: <name>_default_contexts in the appconfig
# source directory becomes users/<name> under the contexts directory.
$(contextpath)/users/%: $(appconf)/%_default_contexts
	@mkdir -p $(appdir)/users
	$(verbose) $(INSTALL) -m 644 $^ $@
541 $(appdir
)/%: $(appconf
)/%
543 $(verbose
) $(M4
) $(M4PARAM
) $(m4support
) $< > $@
545 ########################################
547 # Install policy headers
549 install-headers
: $(layerxml
) $(tunxml
) $(boolxml
)
550 @mkdir
-p
$(headerdir
)
551 @echo
"Installing $(NAME) policy headers."
552 $(verbose
) $(INSTALL
) -m
644 $^
$(headerdir
)
553 $(verbose
) $(M4
) $(M4PARAM
) $(rolemap
) > $(headerdir
)/$(notdir $(rolemap
))
554 $(verbose
) mkdir
-p
$(headerdir
)/support
555 $(verbose
) $(INSTALL
) -m
644 $(m4support
) $(word $(words $(genxml
)),$(genxml
)) $(xmldtd
) $(headerdir
)/support
556 $(verbose
) $(genperm
) $(avs
) $(secclass
) > $(headerdir
)/support
/all_perms.spt
557 $(verbose
) for i in
$(notdir $(all_layers
)); do \
558 mkdir
-p
$(headerdir
)/$$i ;\
559 $(INSTALL
) -m
644 $(moddir
)/$$i/*.if
$(headerdir
)/$$i ;\
561 $(verbose
) echo
"TYPE ?= $(TYPE)" > $(headerdir
)/build.conf
562 $(verbose
) echo
"NAME ?= $(NAME)" >> $(headerdir
)/build.conf
564 $(verbose
) echo
"DISTRO ?= $(DISTRO)" >> $(headerdir
)/build.conf
566 $(verbose
) echo
"MONOLITHIC ?= n" >> $(headerdir
)/build.conf
567 $(verbose
) echo
"DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir
)/build.conf
568 $(verbose
) echo
"override UBAC := $(UBAC)" >> $(headerdir
)/build.conf
569 $(verbose
) echo
"override MLS_SENS := $(MLS_SENS)" >> $(headerdir
)/build.conf
570 $(verbose
) echo
"override MLS_CATS := $(MLS_CATS)" >> $(headerdir
)/build.conf
571 $(verbose
) echo
"override MCS_CATS := $(MCS_CATS)" >> $(headerdir
)/build.conf
572 $(verbose
) $(INSTALL
) -m
644 $(support
)/Makefile.devel
$(headerdir
)/Makefile
574 ########################################
576 # Install policy documentation
# Install the example files and the generated HTML reference under $(docsdir).
# Depends on the $(tmpdir)/html stamp, so the HTML is built first; the
# $(wildcard ...) in the last line is expanded when the recipe runs, after that
# prerequisite has been made. Everything is installed mode 644.
install-docs: $(tmpdir)/html
	@mkdir -p $(docsdir)/html
	@echo "Installing policy documentation"
	$(verbose) $(INSTALL) -m 644 $(docfiles) $(docsdir)
	$(verbose) $(INSTALL) -m 644 $(wildcard $(htmldir)/*) $(docsdir)/html
584 ########################################
586 # Install policy sources
589 rm -rf
$(srcpath
)/policy.old
590 -mv
$(srcpath
)/policy
$(srcpath
)/policy.old
591 mkdir
-p
$(srcpath
)/policy
592 cp
-R .
$(srcpath
)/policy
594 ########################################
600 @
($(CTAGS
) --version | grep
-q Exuberant
) ||
(echo ERROR
: Need exuberant-ctags to function
!; exit
1)
601 @LC_ALL
=C
$(CTAGS
) -f
$(tags) --langdef
=te
--langmap
=te
:..te.if.spt \
602 --regex-te
='/^type[ \t]+(\w+)(,|;)/\1/t,type/' \
603 --regex-te
='/^typealias[ \t]+\w+[ \t+]+alias[ \t]+(\w+);/\1/t,type/' \
604 --regex-te
='/^attribute[ \t]+(\w+);/\1/a,attribute/' \
605 --regex-te
='/^[ \t]*define\(`(\w+)/\1/d,define/' \
606 --regex-te
='/^[ \t]*interface\(`(\w+)/\1/i,interface/' \
607 --regex-te
='/^[ \t]*template\(`(\w+)/\1/i,template/' \
608 --regex-te
='/^[ \t]*bool[ \t]+(\w+)/\1/b,bool/' policy
/modules
/*/*.
{if
,te
} policy
/support
/*.spt
610 ########################################
612 # Filesystem labeling
615 @echo
"Checking labels on filesystem types: $(fs_names)"
616 @if
test -z
"$(filesystems)"; then \
617 echo
"No filesystems with extended attributes found!" ;\
620 $(verbose
) $(SETFILES
) -v
-n
$(fcpath
) $(filesystems
)
623 @echo
"Restoring labels on filesystem types: $(fs_names)"
624 @if
test -z
"$(filesystems)"; then \
625 echo
"No filesystems with extended attributes found!" ;\
628 $(verbose
) $(SETFILES
) -v
$(fcpath
) $(filesystems
)
631 @echo
"Relabeling filesystem types: $(fs_names)"
632 @if
test -z
"$(filesystems)"; then \
633 echo
"No filesystems with extended attributes found!" ;\
636 $(verbose
) $(SETFILES
) $(fcpath
) $(filesystems
)
639 @echo
"Resetting labels on filesystem types: $(fs_names)"
640 @if
test -z
"$(filesystems)"; then \
641 echo
"No filesystems with extended attributes found!" ;\
644 $(verbose
) $(SETFILES
) -F
$(fcpath
) $(filesystems
)
646 ########################################
660 # don't remove these files if we're given a local root
663 rm -f
$(support
)/*.pyc
664 ifneq ($(generated_te
),)
665 rm -f
$(generated_te
)
667 ifneq ($(generated_if
),)
668 rm -f
$(generated_if
)
670 ifneq ($(generated_fc
),)
671 rm -f
$(generated_fc
)
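# Targets that name actions rather than files; declaring them phony keeps a
# stray file of the same name from making the target look up to date.
# install-docs is included because its rule in this file installs into
# $(docsdir) and never creates a file called install-docs.
.PHONY: install-src install-appconfig install-headers install-docs generate xml conf html bare tags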
681 git archive
--format
=tar --prefix=selinux-policy-
$(VERSION
)/ HEAD | \
682 gzip
-9 > selinux-policy-
$(VERSION
).
tar.gz